SNS version 4.3.40 LTSB bug fixes

System

SSL VPN

Support references 84495/84933/85038/85081/85213

Changes have been made to the way the SSL VPN configuration is loaded, in order to reduce the number of times disks are accessed.

Physical memory

Support reference 85277

Physical memory is now optimally managed when the Maximum Transmission Unit (MTU) exceeds 4000 bytes.

High availability (HA)

Support reference 86211

During a switch in the cluster, TCP connections that were set up with a high Window Scale Factor (8 and above) will not resume properly with the new active firewall, which is unable to correctly manage the amount of data that it receives in these TCP connections. As a result, the firewall will block some data packets. To work around this issue, change the value of the token RecoveryToLite, which was added for this purpose in the section [IPSConnection] in the file ConfigFiles/Protocols/tcpudp/0x, to 1.

Do note that once this value is changed, sequence numbers will be ignored, relieving packet analysis.

PAYG VM

Support reference 85559

The host objects enroll-sns.stormshieldcs.eu and accounting-sns.stormshieldcs.eu that are used in PAYG VMs have been added to the SNS configuration.

MSTP configuration

Support reference 86087

In configurations that use link aggregates (LACP) and MSTP, reloading the filter policy would wrongly generate the system event "STP topology change". This issue has been fixed.

Support reference 86087

Previously, when the MSTP configuration was edited, it would cause a succession of "STP topology change" system events, most of which were false positives. This issue has been fixed, to raise only legitimate system events.

Intrusion prevention engine

Managing connections spread out over multiple CPUs

Support reference 85947

An anomaly, which occurred when comparing sets of connections or UDP sessions spread out over several CPUs over very short intervals, has been fixed. This anomaly occasionally disconnected these sessions.